CVE-1999-1343

Vulnerability

The HTTP server on the Xerox DocuColor 4 LP printer (running Apache/1.0.3) crashes and becomes unresponsive when sent a long URL with a large number of . characters. For example, a URL like HTTP://DocuColor/around2000dots/ triggers the denial of service condition. The server hangs completely, no longer responding to pings or accepting print jobs until physically power-cycled. Affected firmware versions are those shipped with the DocuColor 4 LP at the time of the report (1999).

Exploitation

An attacker with network access to the printer's web interface on TCP port 80 can trigger the vulnerability by sending an HTTP GET request with a URL containing approximately 2000 periods. No authentication is required. The specific step is to telnet to the printer's IP on port 80 and issue a crafted request such as GET /<...~2000 dots...> HTTP/1.0.

Impact

Successful exploitation causes a complete denial of service: the printer becomes unresponsive to network requests (including ICMP ping and TCP connections) and stops processing print jobs. The only recovery method is a hard power-cycle (removing and reapplying power, or using the physical power button). No data is corrupted or disclosed, but the device is unavailable for use until manually reset.

Mitigation

No official fix from Xerox has been identified in the available references [1]. The vendor was contacted at the time of disclosure, but no patch or update is documented. If the printer is still in service, the only mitigation is to restrict network access to the web interface via firewall rules or VLAN segmentation, or to disable the HTTP server if possible. This vulnerability is not listed on the CISA KEV.